Second passcode bypass flaw discovered in iOS 6.1 this month

Apple released iOS 6.1.2 one week ago to address, among other things, a flaw that allowed anyone to bypass the iPhone passcode lock screen and access select data on the device. But much to the dismay of Apple, yet another passcode bypass vulnerability has been discovered that once again lets users in the know access a locked device without knowing the four-digit pin.

The second vulnerability to surface this month is similar to the first in that it involved using the phone’s screenshot function, emergency call feature and the power button to circumvent the lock screen. From there, however, reports vary as to the level of access you may have.

The original note on the Full Disclosure blog says this new method allows an attacker to gain access to the phone’s voicemail list and contacts list. Connect the handset to a computer using a USB cable and you can even reportedly access other data like photos without the passcode. The latter, however, may only be partially true.

According to TNW, the user file system is encrypted and unviewable on a computer when an iPhone has a passcode enabled. The catch here is that if the iPhone has been connected to a computer and unlocked once, then its file system will always be viewable on that machine. If the phone has never been connected to a particular computer and unlocked, this hack won’t grant any magical access.

In related iOS news, Apple is beta testing the latest version of the software which prevents the use of the popular jailbreak software evasi0n. One of evasi0n’s creators was recently able to test the update and confirmed the patch, we are told. It's unclear at this hour when we can expect to see iOS 6.1.3 or what specific fixes it will carry.